From 6ff1d2932e11ac20102cb12eee49708097381df7 Mon Sep 17 00:00:00 2001
From: Pam Selle <204372+pselle@users.noreply.github.com>
Date: Wed, 10 Mar 2021 11:47:01 -0500
Subject: [PATCH] Conclude provider sensitivity experiment

Conclude the provider sensitivity experiment and make this
a default behavior.
---
 experiments/experiment.go       |  2 +-
 terraform/context_apply_test.go |  4 ----
 terraform/evaluate.go           | 21 ++++++---------------
 terraform/evaluate_test.go      |  5 -----
 4 files changed, 7 insertions(+), 25 deletions(-)

diff --git a/experiments/experiment.go b/experiments/experiment.go
index c39dac469..ee73ca233 100644
--- a/experiments/experiment.go
+++ b/experiments/experiment.go
@@ -22,8 +22,8 @@ func init() {
 	// Each experiment constant defined above must be registered here as either
 	// a current or a concluded experiment.
 	registerConcludedExperiment(VariableValidation, "Custom variable validation can now be used by default, without enabling an experiment.")
+	registerConcludedExperiment(SuppressProviderSensitiveAttrs, "Provider-defined sensitive attributes are now redacted by default, without enabling an experiment.")
 	registerCurrentExperiment(ModuleVariableOptionalAttrs)
-	registerCurrentExperiment(SuppressProviderSensitiveAttrs)
 }
 
 // GetCurrent takes an experiment name and returns the experiment value
diff --git a/terraform/context_apply_test.go b/terraform/context_apply_test.go
index 00468c4bb..7b7bfc1d6 100644
--- a/terraform/context_apply_test.go
+++ b/terraform/context_apply_test.go
@@ -11938,10 +11938,6 @@ resource "test_resource" "foo" {
 func TestContext2Apply_variableSensitivityProviders(t *testing.T) {
 	m := testModuleInline(t, map[string]string{
 		"main.tf": `
-terraform {
-	experiments = [provider_sensitive_attrs]
-}
-
 resource "test_resource" "foo" {
 	sensitive_value = "should get marked"
 }
diff --git a/terraform/evaluate.go b/terraform/evaluate.go
index c8b49c66c..4bf19fefc 100644
--- a/terraform/evaluate.go
+++ b/terraform/evaluate.go
@@ -15,7 +15,6 @@ import (
 	"github.com/hashicorp/terraform/addrs"
 	"github.com/hashicorp/terraform/configs"
 	"github.com/hashicorp/terraform/configs/configschema"
-	"github.com/hashicorp/terraform/experiments"
 	"github.com/hashicorp/terraform/instances"
 	"github.com/hashicorp/terraform/lang"
 	"github.com/hashicorp/terraform/plans"
@@ -758,15 +757,11 @@ func (d *evaluationStateData) GetResource(addr addrs.Resource, rng tfdiags.Sourc
 				continue
 			}
 
-			// EXPERIMENTAL: Suppressing provider-defined sensitive attrs
-			// from Terraform output.
-
-			// If our schema contains sensitive values, mark those as sensitive
-			if moduleConfig.Module.ActiveExperiments.Has(experiments.SuppressProviderSensitiveAttrs) {
-				if schema.ContainsSensitive() {
-					val = markProviderSensitiveAttributes(schema, val)
-				}
+			// If our provider schema contains sensitive values, mark those as sensitive
+			if schema.ContainsSensitive() {
+				val = markProviderSensitiveAttributes(schema, val)
 			}
+
 			instances[key] = val.MarkWithPaths(change.AfterValMarks)
 			continue
 		}
@@ -785,14 +780,10 @@ func (d *evaluationStateData) GetResource(addr addrs.Resource, rng tfdiags.Sourc
 		}
 
 		val := ios.Value
-		// EXPERIMENTAL: Suppressing provider-defined sensitive attrs
-		// from Terraform output.
 
 		// If our schema contains sensitive values, mark those as sensitive
-		if moduleConfig.Module.ActiveExperiments.Has(experiments.SuppressProviderSensitiveAttrs) {
-			if schema.ContainsSensitive() {
-				val = markProviderSensitiveAttributes(schema, val)
-			}
+		if schema.ContainsSensitive() {
+			val = markProviderSensitiveAttributes(schema, val)
 		}
 		instances[key] = val
 	}
diff --git a/terraform/evaluate_test.go b/terraform/evaluate_test.go
index 59202422d..7a96767f1 100644
--- a/terraform/evaluate_test.go
+++ b/terraform/evaluate_test.go
@@ -10,7 +10,6 @@ import (
 	"github.com/hashicorp/terraform/addrs"
 	"github.com/hashicorp/terraform/configs"
 	"github.com/hashicorp/terraform/configs/configschema"
-	"github.com/hashicorp/terraform/experiments"
 	"github.com/hashicorp/terraform/plans"
 	"github.com/hashicorp/terraform/states"
 	"github.com/hashicorp/terraform/tfdiags"
@@ -190,8 +189,6 @@ func TestEvaluatorGetResource(t *testing.T) {
 				ManagedResources: map[string]*configs.Resource{
 					"test_resource.foo": rc,
 				},
-				// Necessary while provider sensitive attrs are experimental
-				ActiveExperiments: experiments.NewSet(experiments.SuppressProviderSensitiveAttrs),
 			},
 		},
 		State: stateSync,
@@ -421,8 +418,6 @@ func TestEvaluatorGetResource_changes(t *testing.T) {
 						},
 					},
 				},
-				// Necessary while provider sensitive attrs are experimental
-				ActiveExperiments: experiments.NewSet(experiments.SuppressProviderSensitiveAttrs),
 			},
 		},
 		State:   stateSync,